In Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10 a high severity vulnerability CVE-2024-45132 was detected. This vulnerability allows attackers to gain unauthorized access to higher privileges, potentially compromising sensitive information. To fix this issue, users should upgrade Adobe Commerce to versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-45132.
Read more E-commerceIn Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier a medium severity vulnerability CVE-2024-45149 was detected. This vulnerability allows low-privileged attackers to bypass security features, potentially compromising confidentiality. Exploitation does not require user interaction. Currently, there is no fix version for this issue.For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-45149.
Read more E-commerceIn Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier a medium severity vulnerability CVE-2024-45148 was detected. This vulnerability allows attackers to bypass security features and gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-45148.
Read more E-commerceIn Magento’s all versions a medium severity vulnerability CVE-2024-4812 was detected. This vulnerability allows storing malicious JavaScript code in the “Description” field of a user account, which can be executed when opening certain pages like Host Collections. To fix this issue, users must upgrade Magento to the latest version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-4812.
Read more E-commerceIn Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, and 2.4.4-p8 a critical severity vulnerability CVE-2024-34102 was detected. This allows attackers to execute unauthorized code on the server or access sensitive information by sending malicious XML documents, without needing any user interaction. To fix this problem, users should upgrade Magento Adobe Commerce to version 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-34102.
Read more E-commerceIn WooCommerce versions prior from n/a through 9.1.2 a medium severity vulnerability CVE-2024-39666 was detected. This security flaw allows hackers to insert harmful code into web pages. To fix this problem, users should upgrade to WooCommerce version 9.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39666.
Read more E-commerceIn Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier a high severity vulnerability CVE-2024-39406 was detected. This vulnerability allows attackers to perform Path Traversal, potentially leading to arbitrary file system read. To address this issue, it is recommended to apply the latest security patches. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39406.
Read more E-commerceIn Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier a critical severity vulnerability CVE-2024-39397 was detected. This vulnerability allows attackers to execute arbitrary code by uploading a malicious file, which can then be executed on the server. To address this issue, users must apply the latest security updates. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39397.
In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8 and 2.4.4-p9 a medium severity vulnerability CVE-2024-39415 was detected. This vulnerability allows attackers to bypass security features and access minor information without user interaction. To fix this problem, users should upgrade Magento to versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9 and 2.4.4-p10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39415.
Read more E-commerce